[Samba] Winbind + ext3 ACLs
Umberto Zanatta
uzanatta at provincia.treviso.it
Thu Jul 29 21:56:03 GMT 2004
You should set up smb.conf like that:
winbind trusted domains only = yes
winbind use default domain = no
When you change acl in files server, you will do:
setacl -m u:skennedy:rwx,d:u:skennedy:rwx vattelapesca.doc
u.
Il gio, 2004-07-29 alle 23:06, Sean Kennedy ha scritto:
> Hi folks,
>
> For the longest time, I've had a problem changing or modifying ACLs from
> my window clients. Whenever I tried, I'd get this in the logs:
>
> [2004/07/29 12:36:26, 0] smbd/posix_acls.c:create_canon_ace_lists(823)
> create_canon_ace_lists: unable to map SID
> S-1-5-21-1292428093-651377827-xxxxxxxxx-1333 to uid or gid.
>
> I could change the ACLs using getfacl/setfacl, btw.
>
> After a little investigation, I think I've found the problem. I'm using
> winbind here, but I'm using this option:
>
> winbind use default domain = yes
>
> Which, for the sake of completeness, strips out domain info out of the
> username. So instead of `BOCA/skennedy`, it comes out as `skennedy`.
> This is where I think my problem is. Using wbinfo, I resolved that SID
> to BOCA/skennedy, who happens to be a completely different user name.
>
> My question is this: Does my logic seem correct to everyone else? Is
> there anything else I should be looking at? Further, does anybody have
> a solution to this problem? This server is also a web/email server for
> the intranet, and I am trying to avoid setting up a new server ( we have
> 4 going already, mainly for window crap ) if at all possible.
>
> Any help is greatly apprecaited.
>
> Sean
_______________________
Umberto Zanatta
linuxDidattica
tel: +39 (335) 54 71 385
email: umberto.z at tin.it
web: http://linuxdidattica.org
_______________________
More information about the samba
mailing list